-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 While researching a problem with the Gauntlet 5.0 web proxy a while back I had a chance to observe RealAudio traffic tunnelling itself through our web proxy. RealAudio actually allows you to configure or gives the option to determine for itself the best method out of several types of transport, including TCP and UDP-based transports. As if thats not confusing enough, there are also two different versions of the TCP transport protocol to choose from, either RTSP (TCP port 554) or PNA (TCP port 1090). The UDP-based transport uses both multiple single ports and a range of UDP ports. So the least complicated thing is to just tell it to run through your Web Proxy. Through a web proxy, at least,I can tell you that RealAudio sends some strange traffic through, including mysterious encoded/encrypted (?) 5k POSTs on a fairly consistent basis (with Spinner we were able to match them to the ends of songs that we played through the client) that I assume are encoded requests or updates of state information to the realaudio server. With the two clients I was testing with (Spinner and RealPlayer 6.0.6.45) the POST requests were adorned with incorrect content-lengths and non-Y2K-compliant expiration dates for content. Just not knowing what the thing is posting through your firewall should make any reasonably paranoid admin nervous enough. I would say just on external observation and not knowing the guts of the protocol, that its definitely a big black hole, but if you must proxy it set up a TCP/SOCKS proxy instead of burdening your web proxy with the additional barely-compliant HTTP traffic. Matt LeGrow Network Associates, Inc. =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Note : Opinions expressed herein are most certainly NOT that of my employer :-) > -----Original Message----- > From: Cracknell, Phil [mailto:phil.cracknellat_private] > Sent: Tuesday, January 18, 2000 5:47 AM > To: firewall-wizardsat_private > Subject: Real Audio Security > > > > Two in one day! > > Could someone point me to any research data on the security > pitfalls of Real > Audio through a firewall? > > Particularly interested in bandwidth issues, use of PN prxy or > other. > > Thanks > > Phil > -- > -------------------------------------------------------------- > -------------- > The information contained in this message is intended for the > named recipients > only. If you are not an intended recipient of this message, > you must not copy, > distribute or take any action in reliance on it and you > should notify the > sender immediately. E-mail transmission cannot be guaranteed > to be secure or > error-free as information could be intercepted, corrupted, > lost, destroyed, > arrive late or incomplete, or contain viruses, and Nomura > International plc > excludes liability for (1) any errors or omissions in the > contents of this > message which arise as a result of e-mail transmission and (2) the > transmission of any viruses. If verification is required > please request a > hard-copy version. > > Nomura International plc is regulated by the Securities and > Futures Authority Limited and is a member of the London Stock > Exchange. > > -----BEGIN PGP SIGNATURE----- Version: PGP 6.5.1 Comment: Crypto Provided by Network Associates <http://www.nai.com> iQA/AwUBOIdrlvbW52zw8/NBEQIcNwCfSpLmVAKvthT9ZklENoCG6/5d5zMAoNY/ oJDgsvH6ZJmym26QB8+1qzAB =KuVp -----END PGP SIGNATURE-----
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:58:43 PDT